Vulnerabilities > Fedoraproject > Extra Packages FOR Enterprise Linux > 8.0

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-14	CVE-2022-0571	Cross-site Scripting vulnerability in multiple products Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. network low complexity phoronix-media fedoraproject CWE-79	6.1
2022-01-31	CVE-2021-45079	NULL Pointer Dereference vulnerability in multiple products In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. network low complexity strongswan debian fedoraproject canonical CWE-476 critical	9.1
2022-01-06	CVE-2021-46141	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2022-01-06	CVE-2021-46142	Use After Free vulnerability in multiple products An issue was discovered in uriparser before 0.9.6. local low complexity uriparser-project fedoraproject debian opensuse CWE-416	5.5
2021-09-08	CVE-2021-21897	Integer Underflow (Wrap or Wraparound) vulnerability in multiple products A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. network low complexity ribbonsoft fedoraproject debian CWE-191	8.8
2021-02-23	CVE-2021-20247	Path Traversal vulnerability in multiple products A flaw was found in mbsync before v1.3.5 and v1.4.1. network high complexity mbsync-project debian fedoraproject CWE-22	7.4
2020-12-08	CVE-2020-27818	Out-of-bounds Read vulnerability in multiple products A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. local low complexity libpng fedoraproject debian CWE-125	3.3
2020-02-26	CVE-2020-9274	Access of Uninitialized Pointer vulnerability in multiple products An issue was discovered in Pure-FTPd 1.0.49. network low complexity pureftpd debian fedoraproject canonical CWE-824	7.5
2020-01-16	CVE-2020-7106	Cross-site Scripting vulnerability in multiple products Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.php, lib/api_automation.php, user_admin.php, and user_group_admin.php, as demonstrated by the description parameter in data_sources.php (a raw string from the database that is displayed by $header to trigger the XSS). network low complexity cacti debian opensuse suse fedoraproject CWE-79	6.1

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.